Log4j Flaw Can Create Vulnerabilities in Virtually All Sectors

Newmeyer Dillion

What Happened?

A recently-exposed flaw in Apache Log4j (a java-based logging utility used by numerous applications amongst nearly all public and private sectors) is rendering many entities and corporate systems vulnerable to cyber-attacks.  Attackers have already invaded vulnerable networks to steal system credentials and data.  Third-parties associated with companies can also make the company’s own system and network vulnerable to attacks.

Why Does This Matter?

Because of this Log4j flaw, software has been publicly released that further exploits the vulnerability.  This allows attackers to access system credentials and system data, and even allows attackers to fully access servers affected by the vulnerability.  Because Log4j is used in nearly all sectors, experts suspect that these vulnerabilities will provide opportunities for cyber-attacks for years to come.

What Should My Company Do?

The most important step is to take immediate action to limit the likelihood and severity of future cyber-attacks from vulnerabilities associated with Log4j.  Companies should first assess whether their systems utilize Log4j, and if so, determine whether any containment measures are available.  To mitigate the possibility of a vulnerability in their systems, companies should monitor the release of patches for Log4j and applications that utilize Log4j.  Companies should also assess whether their third-party vendors are also utilizing Apache Log4j and whether these vendors have access to company systems and data.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Newmeyer Dillion | Attorney Advertising

Written by:

Newmeyer Dillion

Newmeyer Dillion on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.